pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2008Q1]: pkgsrc/audio/libid3tag pullup ticket #2392 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/3642a4deb37b
branches:  pkgsrc-2008Q1
changeset: 540372:3642a4deb37b
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Fri May 23 10:25:50 2008 +0000

description:
pullup ticket #2392 - requested by simonb, tron
libid3tag: fix end of string check

revisions pulled up:
- pkgsrc/audio/libid3tag/Makefile               1.22
- pkgsrc/audio/libid3tag/distinfo               1.4,1.5
- pkgsrc/audio/libid3tag/patches/patch-ab       1.1,1.2

   Module Name: pkgsrc
   Committed By:        simonb
   Date:                Tue May 20 13:31:39 UTC 2008

   Modified Files:

        pkgsrc/audio/libid3tag: Makefile distinfo
   Added Files:

        pkgsrc/audio/libid3tag/patches: patch-ab

   Log Message:

   Check for end-of-string when parsing a stringlist field.

   Problem and fix originally reported by Kentaro Oda to the mad-dev
   mailing list.

   See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109
   for some more info.
   ------------------------------------------------------------------------

   Module Name: pkgsrc
   Committed By:        tron
   Date:                Wed May 21 09:42:13 UTC 2008

   Modified Files:
        pkgsrc/audio/libid3tag: distinfo
        pkgsrc/audio/libid3tag/patches: patch-ab

   Log Message:
   Fix broken URL and correct incorrect patch checksum.

diffstat:

 audio/libid3tag/Makefile         |   4 ++--
 audio/libid3tag/distinfo         |   3 ++-
 audio/libid3tag/patches/patch-ab |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diffs (46 lines):

diff -r 7769270f3af7 -r 3642a4deb37b audio/libid3tag/Makefile
--- a/audio/libid3tag/Makefile  Thu May 22 14:02:26 2008 +0000
+++ b/audio/libid3tag/Makefile  Fri May 23 10:25:50 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.21 2007/07/01 15:57:16 heinz Exp $
+# $NetBSD: Makefile,v 1.21.6.1 2008/05/23 10:25:50 rtr Exp $
 #
 
 DISTNAME=      libid3tag-0.15.1b
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=mad/}
 
diff -r 7769270f3af7 -r 3642a4deb37b audio/libid3tag/distinfo
--- a/audio/libid3tag/distinfo  Thu May 22 14:02:26 2008 +0000
+++ b/audio/libid3tag/distinfo  Fri May 23 10:25:50 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.3 2005/02/23 20:39:47 agc Exp $
+$NetBSD: distinfo,v 1.3.26.1 2008/05/23 10:25:50 rtr Exp $
 
 SHA1 (libid3tag-0.15.1b.tar.gz) = 4d867e8a8436e73cd7762fe0e85958e35f1e4306
 RMD160 (libid3tag-0.15.1b.tar.gz) = 31a69b8ad7684aefdb675acc8ebf89bd6f432095
 Size (libid3tag-0.15.1b.tar.gz) = 338143 bytes
 SHA1 (patch-aa) = 2103523de3b2703479bba578eb002b33ffff88b0
+SHA1 (patch-ab) = ec5cc92d762d92cebbc180db0300faf0e4c620d2
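Review bot: the new `SHA1 (patch-ab)` line is the value the second log message says had to be corrected, so it should be re-checked against `patches/patch-ab` exactly as added in this changeset before the pullup is closed. A mismatch between this entry and the patch file makes the package fail at the checksum stage, which would leave the branch without the fix.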
diff -r 7769270f3af7 -r 3642a4deb37b audio/libid3tag/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libid3tag/patches/patch-ab  Fri May 23 10:25:50 2008 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ab,v 1.2.2.2 2008/05/23 10:25:50 rtr Exp $
+
+Fix for initite loop bug in libid3tag-0.15.0b.
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109
+
+--- field.c.orig       2004-01-23 20:41:32.000000000 +1100
++++ field.c
+@@ -291,7 +291,7 @@ int id3_field_parse(union id3_field *fie
+ 
+       end = *ptr + length;
+ 
+-      while (end - *ptr > 0) {
++      while (end - *ptr > 0 && **ptr != '\0') {
+       ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+       if (ucs4 == 0)
+         goto fail;


